Remote home server, using SSH and Clash to manage traffic proxy

Recently, I encountered a small issue. It used to be very convenient to access the server directly using the IP of the internal network machine at home, but sometimes when I go out, I only have SSH access. However, after thinking about it, using SSH to set up a Socks5 proxy and managing traffic through Clash seems like a good solution.

Solution Design

I decided to set up a Socks5 proxy via SSH to give the client a channel to the home server. Clash then manages the traffic: it checks whether the Socks5 proxy is working and uses that to decide whether to send traffic through it. The steps are not complicated; let's take a look.

1. Set up a Socks5 Proxy using SSH

First, I connect to the remote server via SSH and set up a Socks5 proxy.

ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o TCPKeepAlive=yes -o ForwardAgent=no -o ForwardX11=no -N -D 127.0.0.1:8080 -p 221 root@*******.cn

Let me explain the parameters of this command:

  • -D 127.0.0.1:8080: Starts dynamic port forwarding on local port 8080, which acts as a Socks5 proxy. Binding to 127.0.0.1 keeps the proxy reachable only from the local machine.
  • -o ServerAliveInterval=60: Sends a keep-alive message to the server after 60 seconds without any data from it, to maintain the connection.
  • -o ServerAliveCountMax=3: If 3 keep-alive messages in a row go unanswered, ssh gives up and disconnects.
  • -o TCPKeepAlive=yes: Enables the TCP keep-alive mechanism.
  • -o ForwardAgent=no and -o ForwardX11=no: Disable agent forwarding and X11 forwarding, which this tunnel does not need.
  • -N: Only performs port forwarding without executing remote commands.
  • -p 221: Specifies the port for the SSH connection (if your server is not on the default port 22, you need to specify it).

With this setup, all traffic sent to the local 127.0.0.1:8080 port is forwarded through the SSH connection and leaves from the remote server.

2. Configure Clash for Traffic Management

Next, I set up proxy rules in Clash to determine whether to use this Socks5 proxy. The fallback feature of Clash can help us achieve automatic traffic switching.

Nodes:

append:
  - name: 'SSH Tunnel'
    type: 'socks5'
    server: '127.0.0.1'
    port: 8080
    username: ''
    password: ''

Rules:

prepend:
  - 'IP-CIDR,192.168.10.0/24,Proxy-local,no-resolve'

Proxy Group:

prepend:
  - type: 'fallback'
    name: 'Proxy-local'
    interval: 5
    timeout: 5000
    max-failed-times: 1
    lazy: false
    proxies:
      - 'SSH Tunnel'
      - 'DIRECT'

The meaning of this configuration is:

  • A Socks5 proxy is defined in Clash, pointing to 127.0.0.1:8080.
  • Using the fallback proxy group, when the Socks5 proxy is detected as effective, traffic will automatically go through this proxy; otherwise, it will connect directly.
  • Make sure to turn off lazy! With lazy enabled, Clash does not run its periodic check while the group is not in use, so it would not notice on its own whether the tunnel is effective.

You want to use the SSH tunnel as the preferred proxy, and when the SSH tunnel is unavailable, the traffic will automatically switch to direct connection. By configuring the interval and timeout, you can control the frequency of detection and the tolerance for timeouts.
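A stand-alone way to check whether the tunnel is effective, as an added example that is not part of the original post: it performs the SOCKS5 handshake (RFC 1928) against the ssh -D listener and asks it to CONNECT to a host behind the tunnel. The target 192.168.10.1:22 is a constructed sample address inside the 192.168.10.0/24 range from the rule above; replace it with a host that exists on your home network.

```python
import ipaddress
import socket
import struct

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request: VER=5, CMD=1 (connect), RSV=0, ATYP, address, port."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:                      # not an IP literal: send it as a domain name
        name = host.encode("idna")
        atyp, addr = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + addr + struct.pack("!H", port)

def reply_ok(reply: bytes) -> bool:
    """True when the proxy answered with VER=5 and REP=0 (request granted)."""
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0

def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early only if the peer closes the connection."""
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            break
        data += chunk
    return data

def tunnel_alive(proxy_host: str, proxy_port: int,
                 target_host: str, target_port: int, timeout: float = 5.0) -> bool:
    """End-to-end check: listener up, handshake accepted, far side reached the target."""
    try:
        with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")      # greeting: one auth method offered, "no auth"
            if _recv_exact(s, 2) != b"\x05\x00":
                return False                # not SOCKS5, or it demands authentication
            s.sendall(build_connect_request(target_host, target_port))
            return reply_ok(_recv_exact(s, 2))
    except OSError:                         # refused, timed out, reset: tunnel is down
        return False

if __name__ == "__main__":
    # Proxy address from the ssh -D option above; target is the constructed sample host.
    up = tunnel_alive("127.0.0.1", 8080, "192.168.10.1", 22)
    print("SSH tunnel usable" if up else "SSH tunnel down")
```

A failed result with the ssh process still running means the local listener answered but the remote side could not reach the target, which a plain port check on 8080 would not reveal.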

A Little Secret

The advantage of this solution is that when I am out, I only need to maintain the SSH connection, and other traffic will automatically go through the proxy, which is convenient and does not delay work. Moreover, the automatic switching feature of Clash ensures that when the proxy is unavailable, the traffic can automatically revert to direct connection, preventing lag or connection failures.

For someone like me who enjoys tinkering with technology, this method of "remote work" undoubtedly makes life and work more flexible and efficient. If you have similar needs, you might want to give this method a try.

This article is synchronized and updated by Mix Space to xLog. The original link is https://mixspace.crashvibe.cn/posts/default/remote-home-server-ssh-clash-proxy-traffic-management
